Discover three effective methods to create a Linux firewall service with our detailed guide. Learn how to configure firewall rules using firewalld to secure your Linux server.
Firewalld is a firewall management tool for Linux operating systems licensed under GNU General Public License 2.
Firewalld is the default firewall management tool in RHEL-based Linux distros from version 7 onwards, where it replaces the legacy firewall management tool, iptables. Firewalld is a dynamically managed firewall with support for network zones, IPv4, IPv6, Ethernet bridges and IP sets.
Firewalld is a dynamic firewall management tool for Linux systems that provides a flexible and user-friendly way to configure firewall rules and manage network traffic. It is designed to be more intuitive and versatile than older firewall management tools like iptables.
Here’s a detailed overview of Firewalld, including its features, components, and how to use it:
iptables, ip6tables, and nftables, allowing you to choose the best backend for your needs.
Zones:
Services:
Rich Rules:
Direct Rules:
iptables rules for advanced configurations.
Consider a scenario where we are running an Oracle Database 19c instance on a CentOS 8 server.
The default Oracle Listener uses the service port 1521/tcp. We have also configured another Oracle Listener service that uses port 1522/tcp.
In short, we have two Oracle listeners running on ports 1521/tcp and 1522/tcp simultaneously.
Our objective is to create a custom Linux firewall service to control access to our Oracle Listener ports.
In this method, we will create a Linux firewall service using the firewall-cmd command.
Create a new service for the Oracle Listener ports.
# firewall-cmd --permanent --new-service=oranet
success
Add a long description of the service.
# firewall-cmd --permanent --service=oranet --set-description="Oracle Listener Service"
success
Add a short description of the service.
# firewall-cmd --permanent --service=oranet --set-short=oranet
success
Add the Oracle Listener service ports.
# firewall-cmd --permanent --service=oranet --add-port=1521/tcp
success
# firewall-cmd --permanent --service=oranet --add-port=1522/tcp
success
Reload the firewalld configuration.
# firewall-cmd --reload
success
Display the configuration of the new service.
# firewall-cmd --info-service=oranet
oranet
  ports: 1521/tcp 1522/tcp
  protocols:
  source-ports:
  modules:
  destination:
We can add more settings to our service in a similar way. You can refer to the Firewalld Documentation for more details.
In this method, we will define the firewalld service settings in an XML file and then use the firewall-cmd command to create a custom service in our Linux firewall.
# vi ~/oranet.xml
Add the following XML code therein.
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>oranet</short>
  <description>Oracle Listener Service</description>
  <port protocol="tcp" port="1521" />
  <port protocol="tcp" port="1522" />
</service>
Now use the firewall-cmd command to create the Linux firewall service.
# firewall-cmd --permanent --new-service-from-file=oranet.xml
success
Reload the firewalld configuration and check the oranet service.
# firewall-cmd --reload
success
# firewall-cmd --info-service=oranet
oranet
  ports: 1521/tcp 1522/tcp
  protocols:
  source-ports:
  modules:
  destination:
This method is normally used by software packages during installation to create their respective firewalld services.
In this method, we create a custom service definition file in the firewalld configuration directory.
# vi /etc/firewalld/services/oranet.xml
Add the following XML code therein.
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>oranet</short>
  <description>Oracle Listener Service</description>
  <port protocol="tcp" port="1521" />
  <port protocol="tcp" port="1522" />
</service>
Reload the firewalld configuration and check the oranet service.
# firewall-cmd --reload
success
# firewall-cmd --info-service=oranet
oranet
  ports: 1521/tcp 1522/tcp
  protocols:
  source-ports:
  modules:
  destination:
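The file-based method is easy to script. The following is an added example, not part of the original guide: a hypothetical helper, write_fw_service, that validates the service name and each port specification before writing the XML definition into a directory passed as its first argument.

```bash
#!/usr/bin/env bash
# Added example: write_fw_service and its helpers are hypothetical names,
# not firewalld commands. Generates a service file as in the third method.

is_port() {  # true if $1 is a decimal integer in 1..65535
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

xml_escape() {  # escape the characters that are special in XML text
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# usage: write_fw_service DIR NAME DESCRIPTION PORT[-PORT]/PROTO...
write_fw_service() {
    local dir="$1" name="$2" desc="$3" spec proto range lo hi tmp
    shift 3
    # The file name becomes the service name: allow only a safe character set.
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "bad service name: $name" >&2; return 1 ;;
    esac
    [ "$#" -gt 0 ] || { echo "no ports given" >&2; return 1; }
    for spec in "$@"; do
        proto=${spec##*/} range=${spec%/*}
        case $proto in
            tcp|udp|sctp|dccp) ;;
            *) echo "bad protocol in: $spec" >&2; return 1 ;;
        esac
        lo=${range%-*} hi=${range#*-}
        { is_port "$lo" && is_port "$hi" && [ "$lo" -le "$hi" ]; } ||
            { echo "bad port in: $spec" >&2; return 1; }
    done
    # Write to a temp file, then rename, so firewalld never sees a partial file.
    tmp=$(mktemp "$dir/.$name.XXXXXX") || return 1
    {
        echo '<?xml version="1.0" encoding="utf-8"?>'
        echo '<service>'
        echo "  <short>$name</short>"
        echo "  <description>$(xml_escape "$desc")</description>"
        for spec in "$@"; do
            echo "  <port protocol=\"${spec##*/}\" port=\"${spec%/*}\" />"
        done
        echo '</service>'
    } > "$tmp"
    chmod 0644 "$tmp" && mv -f "$tmp" "$dir/$name.xml"
}

# As root: write_fw_service /etc/firewalld/services oranet \
#     "Oracle Listener Service" 1521/tcp 1522/tcp && firewall-cmd --reload
```

A service definition alone opens no ports; it takes effect only once the service is added to a zone, for example with `firewall-cmd --permanent --zone=public --add-service=oranet` followed by a reload (the `public` zone is an assumption about your setup).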
We have explored all 3 ways to create a custom service in CentOS firewall.
Creating a robust Linux firewall service is essential for securing your server and network. This guide has explored three effective methods to help you choose the best approach for your needs.
Thank you, Sir. It's a great help.
You're welcome.
What is the default service that includes ports 1521 and 1522?
Q: What is the default service that includes port 1521 and 1522?
A: No, there is no default service defined for 1521 and 1522 (Oracle Listener ports).
ty for your help :)
My pleasure.